While the defaults we saw in the previous section for newly-created files are sensible in many situations, they're not ideal in others. In particular, note that every other user on the system has permission to read the file, if they can get to it or name it. This isn't appropriate for files with sensitive information in them, such as passwords, private keys, or confidential user data. In such a situation, we don't want all the files we create to be readable by every user on the system, especially for the system users running processes for unauthenticated network services, such as a web server! How can we arrange for Bash to lock the files down?
When Bash creates files for redirected output, it starts ...